File palemoon.changes of Package palemoon
-------------------------------------------------------------------
Wed Apr 8 14:40:10 UTC 2020 - chris@computersalat.de
- update to 28.8.4
* building on the Unified XUL Platform
- Update localization to 28.9.0_RC1
-------------------------------------------------------------------
Mon Sep 2 19:33:26 UTC 2019 - chris@computersalat.de
- update to 28.7.0
* building on the Unified XUL Platform
- Update localization to 28.7.0_RC3
- rework patches
* palemoon_ini.patch
- delete obsolete patches
* palemoon_gcc7.patch
* palemoon_prefs.patch
- add new patches
* palemoon_nongnome-proxies.patch
* palemoon_profile.patch
-------------------------------------------------------------------
Fri Jul 13 12:47:09 UTC 2018 - chris@computersalat.de
- Update to 27.9.4
* for more info about changes see:
https://github.com/MoonchildProductions/Pale-Moon/releases/tag/27.9.4_Release
- Update localization to 27.9.4_RC2
- remove obsolete palemoon_strcmp.patch
- disable ac_add_options --enable-official-branding
- add palemoon_gcc7.patch
- build with system icu, without >= 58.2 (segfault)
- build with system vpx
-------------------------------------------------------------------
Fri Jan 19 18:57:43 UTC 2018 - chris@computersalat.de
- Update to 27.7.1
* for more info about changes see:
https://github.com/MoonchildProductions/Pale-Moon/releases/tag/27.7.1_Release
- add palemoon_strcmp.patch
-------------------------------------------------------------------
Wed Jan 17 21:13:04 UTC 2018 - chris@computersalat.de
- Update to 27.7.0
* for more info about changes see:
https://github.com/MoonchildProductions/Pale-Moon/releases/tag/27.7.0_Release
- Update localization to 27.7.0_RC6
- remove obsolete palemoon_no-return-in-nonvoid-func.patch
-------------------------------------------------------------------
Sat Dec 2 21:53:40 UTC 2017 - chris@computersalat.de
- Update to 27.6.2
* for more info about changes see:
https://github.com/MoonchildProductions/Pale-Moon/releases/tag/27.6.2_Release
- Update localization to 27.7.0_RC3
https://github.com/JustOff/pale-moon-localization/archive/27.7.0_RC3.tar.gz
- rebase patches
* palemoon_prefs.patch
* palemoon_ini.patch
* palemoon_no-return-in-nonvoid-func.patch (from Upstream)
-------------------------------------------------------------------
Wed Nov 15 10:39:45 UTC 2017 - chris@computersalat.de
- Update to 27.6.1
* for more info about changes see:
https://github.com/MoonchildProductions/Pale-Moon/releases/tag/27.6.1_Release
- rebase patches
* palemoon_prefs.patch
* palemoon_ini.patch
- add palemoon_no-return-in-nonvoid-func.patch (from Upstream)
-------------------------------------------------------------------
Sat Nov 11 22:28:14 UTC 2017 - chris@computersalat.de
- Update to 27.6.0
* for more info about changes see:
https://github.com/MoonchildProductions/Pale-Moon/releases/tag/27.6.0_Release
- Update localization to 27.6.0_RC3
https://github.com/JustOff/pale-moon-localization/archive/27.6.0_RC3.tar.gz
- rebase patches
* palemoon_prefs.patch
* palemoon_ini.patch
-------------------------------------------------------------------
Wed Sep 27 20:20:49 UTC 2017 - chris@computersalat.de
- Update to 27.5.0
* for more info about changes see:
https://github.com/MoonchildProductions/Pale-Moon/releases/tag/27.5.0_Release
- rebase palemoon_prefs.patch
-------------------------------------------------------------------
Sat Aug 26 12:40:16 UTC 2017 - chris@computersalat.de
- Update to 27.4.2
* Fixed a number of crashes.
* Enabled the opt-in debugging feature to log SSL keys to a file in all builds.
* Added a fix for TLS 1.3 handshakes causing a browser hangup.
* Handshakes should be considerably faster now and no longer stall in the wrong circumstances.
* Updated NSPR to 4.15.
* Updated NSS to 3.31.1.
* Fixed a DoS issue using overly long Username in URL scheme (CVE-2017-7783)
* Fixed an issue where (cross domain) iframes could break scope (CVE-2017-7787)
* Fixed an issue in WindowsDllDetourPatcher (CVE-2017-7804)
* Fixed an issue with elliptic curve addition in mixed Jacobian-affine coordinates (CVE-2017-7781)
* Fixed a UAF in nsImageLoadingContent (CVE-2017-7784)
* Fixed a UAF in WebSockets (CVE-2017-7800)
* Fixed a heap-UAF in RelocateARIAOwnedIfNeeded (CVE-2017-7809) DiD (accessibility is disabled)
-------------------------------------------------------------------
Sat Aug 12 19:19:32 UTC 2017 - chris@computersalat.de
- Update to 27.4.1
see https://www.palemoon.org/releasenotes.shtml
- rebase palemoon_prefs.patch
* fix file rename (firefox -> palemoon)
-------------------------------------------------------------------
Sun Jun 18 19:03:45 UTC 2017 - chris@computersalat.de
- Update to 27.3.0
- see https://www.palemoon.org/releasenotes.shtml
-------------------------------------------------------------------
Fri Mar 17 14:21:21 UTC 2017 - chris@computersalat.de
- Update to 27.2.0
- see https://www.palemoon.org/releasenotes.shtml
- 27.1.2 (2017-03-03)
* This is a small update adding a workaround for potential deadlocks happening in media elements.
- 27.1.1 (2017-02-21)
* Implemented a fix in media handling to prevent crashes with concurrent videos and/or rapidly starting/stopping video playback in the browser.
* Fixed the way the Adobe Flash plugin is detected to prevent confusion with other plugins that identify themselves as "Flash" (e.g. VLC).
* Windows: Solved stability issues caused by the release build process, resulting in unexpected behavior (e.g. hangups).
-------------------------------------------------------------------
Fri Feb 17 21:02:57 UTC 2017 - chris@computersalat.de
- revert package rename (newmoon -> palemoon)
- remove not needed palemoon-27.0.3-homepage.patch
* release notes are already opened in a new tab if an upgrade
from a previous version is detected
- rename patches
* palemoon-26.3.0-ini.patch -> palemoon_ini.patch
* palemoon-27.1.0-prefs.patch -> palemoon_prefs.patch
- rework/rebase patches
* palemoon_ini.patch, palemoon_prefs.patch
-------------------------------------------------------------------
Sat Feb 11 18:37:15 UTC 2017 - avvissu@yandex.by
- Fixed: Use system hunspell
-------------------------------------------------------------------
Wed Feb 8 10:31:37 UTC 2017 - avvissu@yandex.by
- Update to 27.1.0:
* Reworked the media back-end completely to use FFmpeg and our
own MP4 parser.
* Restored classic about:config styling.
* Added a fallback to US-ASCII if the autoconfig UTF-8 conversion
fails.
* Improved cross-compartment wrapper handling when managing a
large number of tabs (performance).
* Changed the way audio and video synchronization is calculated
to account for (slow) device latency, preventing things from
getting out of sync.
* Changed the way scripts are handled when they are stopped from
the "unresponsive script" dialog, to prevent browser lockup.
* Fixed several errors in the devtools.
* Fixed a nasty crash caused by cross-origin referrers.
* Added HTML5-spec clipboard handling for content
(cut© only -- paste is not allowed for security reasons).
* Made multiple changes to the jetpack modules to cater to PMkit
extensions.
* Fixed a css layout issue: make max-width affect contributions
to intrinsic min-width.
* Implemented several updates to the permissions manager.
* Removed Metro browser platform/widget code.
* Removed support for non-standard/deprecated let blocks and
expressions.
* Made the use of let as a keyword versionless and ES6 compliant.
* Made the privacy category in preferences a tabbed setup to
better fit the current options.
* Fixed a regression preventing certain MP4 video files from
playing.
* Fixed a regression where seeking in media files would halt
playback/jump to the end of the stream.
* Changed the Facebook user-agent.
* Fixed the general useragent override taking priority over
site-specific overrides.
* Changed CORS handling to allow data: sources, assuming they are
same-origin.
* Reinstated the network.stricttransportsecurity.enabled preference.
* In HSTS "off" state, prevented HSTS site status from being
written to disk.
* Updated the IDN blacklist with more extended unicode characters
that "look very similar to" normal ASCII characters, to prevent
spoofing of well-known domains.
* Fixed an exploitable crash when using MP4 video. (CVE-2017-5396)
* Fixed an exploitable crash in XSL parsing. (CVE-2017-5376)
* Fixed a potential security issue when exporting certificates
with specially-crafted credentials. (CVE-2017-5381)
* Fixed a potential use-after-free situation in frame selection.
(CVE-2017-5380).
* Fixed a leak of window details through the Ion compiler in
certain situations.
* Fixed the potential for an exploitable crash involving Javascript.
* Fixed a potential overflow situation in WebRTC code.
* Fixed a potentially unsafe situation in websockets.
* Fixed several memory and other safety hazards.
- Update translations to 27.1.0-RC1
- Update patch:
* palemoon-27.0.3-prefs.patch -> palemoon-27.1.0-prefs.patch
- Drop patches (fixed in upstream):
* palemoon-27.0.0-link.patch
* palemoon-27.0.3-regexp-esr.patch
-------------------------------------------------------------------
Tue Jan 31 13:29:13 UTC 2017 - avvissu@yandex.by
- Fix build on openSUSE > 42.2:
* palemoon-27.0.3-regexp-esr.patch (bmo#1329252)
-------------------------------------------------------------------
Tue Jan 10 21:14:56 UTC 2017 - avvissu@yandex.by
- Update translations to RC16
-------------------------------------------------------------------
Fri Dec 16 12:27:44 UTC 2016 - avvissu@yandex.by
- Update to 27.0.3:
* Fixed certain network errors not displaying.
* Fixed network error page styling.
* Fixed the writing of DOM storage data to tabs.
* Added a Google Fonts user-agent override.
* Re-enabled the reporting of CSS errors to the console by default.
* Fixed and updated preferences for location bar suggestions.
* Fixed several x64-specific issues in memory allocation code.
* Fixed timer issues when resuming a computer from stand-by.
* Fixed a number of branding and textual issues in the browser.
* Fixed prompting for the saving of off-line data.
* Fixed a layout regression that would cause block elements
following left floats to not wrap to the next line if there
wasn't enough clearance.
* Fixed a mismatch in Firefox extension compatibility-mode
installation where Firefox extensions served by addons.mozilla.org
would be marked incompatible when trying to install.
* Fixed use-after-free while manipulating DOM events and removing
audio elements (CVE-2016-9899).
* Fixed CSP bypass using the marquee tag (CVE-2016-9895).
* Fixed a vulnerability in the internal Jetpack modules
(CVE-2016-9903).
* Fixed use-after-free in Editor while manipulating DOM subtrees
(CVE-2016-9898).
* Fixed an error in the buffer logic in http-chunked decoder.
* Fixed a crash in generational GC code (not in use by default)
* Fixed a compartment mismatch bug in plug-in code
* Fixed a crash trying to get a nonexistent property.
* Improved MediaRecorder's observer safety.
* Fixed a crash related to document history.
- Update translations to 27.0.0_RC12
- Add translation sub-packages
- Override default home page (add palemoon-27.0.3_homepage.patch)
-------------------------------------------------------------------
Wed Dec 7 15:31:56 UTC 2016 - avvissu@yandex.by
- Update translations to 27.0.0_RC10
-------------------------------------------------------------------
Tue Dec 6 22:01:22 UTC 2016 - avvissu@yandex.by
- Setting the extensions.autoDisableScopes to "11"
-------------------------------------------------------------------
Fri Dec 2 01:36:23 UTC 2016 - avvissu@yandex.by
- Update to 27.0.2:
* This is a bugfix release for some of the issues that popped up
with the new milestone.
- Add translations for package newmoon
- Spec-file cleanup
-------------------------------------------------------------------
Tue Nov 22 20:26:20 UTC 2016 - avvissu@yandex.by
- Update to 27.0.0:
* Update of the Goanna engine to 3.0 - with many changes to layout
and rendering for the modern web.
* Pale Moon now fully supports HTTP/2.
* Ruby Annotations are now an integral part of the HTML parser,
controllable with CSS.
* Media Source Extensions have been implemented to solve many
video playback issues.
* Support for reading and playing so-called "fragmented" MP4 files
has been added, further solving media playback issues.
* Support for SSL/TLS connections to proxy servers.
* Support for the WOFF2 font format for downloadable fonts.
* The JavaScript engine has been updated with support for many
landmark ECMAScript6 features.
* The way web content is cached has been changed to be more efficient.
* Removed the internal PDF (pre)viewer.
* Disabled building of the devtools.
* Removed the active XSS filter..
* Removed support for Add-on SDK extensions.
* All relevant security fixes up to and including Firefox 50 have
been ported across from Mozilla.
* More info: http://www.palemoon.org/releasenotes.shtml
- Rename package to newmoon (see:https://www.palemoon.org/redist.shtml)
- Build with option: --with-system-icu
- set LD_LIBRARY_PATH
- Add palemoon-27.0.0-link.patch
-------------------------------------------------------------------
Thu Sep 29 14:39:47 UTC 2016 - avvissu@yandex.by
- Update to 26.5.0:
* Implemented a breaking CSP (content security policy) spec change.
* Fixed an issue with the XML parser.
* Improved the performance of canvas poisoning by explicitly
parallelizing it.
- Security fixes:
* (CVE-2016-5280)
* Made checking for invalid PNG files more strict.
* Changed the way paletted image frames are allocated so the space
is cleared before it's used.
* Fixed a crash in nsNodeUtils::CloneAndAdopt() due to a typo.
* Fixed several memory safety issues and crashes.
-------------------------------------------------------------------
Wed Sep 14 19:22:50 UTC 2016 - avvissu@yandex.by
- Update to 26.4.1:
* Fixed a crash in the XSS filter.
* Slightly changed the address bar shading on secure sites to be
more subtle and easily-blended.
* Fixed the occurrence of "null" titles in bookmarks dragged from
special folders.
* Fixed an error initializing the browser due to trying to
restore scratchpad data from a stored session when having
switched from a version with devtools to a version without
devtools, and the previous version had scratchpad data saved.
* Fixed some minor issues in scratchpad and gcli devtools.
- Security fixes:
* Updated the HSTS preload list to a much more updated source list,
and performing our own checks on validity from now on to have
the list be as accurate as possible.
* Disabled Triple-DES cipher suites by default.
-------------------------------------------------------------------
Sat Aug 20 20:48:41 UTC 2016 - avvissu@yandex.by
- Update to 26.4.0:
* Removed Google Search as a bundled search provider
* Fixed the URL API to allow "stringification" of the object per
specification
* Added the ES6 string .includes() function in addition to the
pre-existing
* Fixed the calculation of standalone SVG embeds width and height
* Improved memory allocation
* Updated the SQLite library to 3.13.0
* Download= properties of links are now honored from the context
menu "Save" option
* Fixed a crash in the XSS filter
- Security fixes:
* (CVE-2016-5251) Potential URL spoofing in the address bar
* (CVE-2016-0718) Context-dependent crash in expat 2.1.0
* (CVE-2016-5266) Outgoing dataTransfer items are not properly
filtered
* Fixed potentially exploitable crash in the array splice
implementation
* Fixed potentially exploitable crash caused by badly formatted
ICO files
* (CVE-2016-5254) Heap-use-after-free in nsXULPopupManager::KeyDown
-------------------------------------------------------------------
Fri Jul 8 18:43:48 UTC 2016 - avvissu@yandex.by
- Update to 26.3.3:
* Small bugfix update
-------------------------------------------------------------------
Sun Jun 26 12:14:41 UTC 2016 - avvissu@yandex.by
- Update to 26.3.1:
* Reverted the useragent identification of Firefox compatibility
mode to 38.9
* Added a site-specific override for Google fonts to make sure it
always works even if not using Firefox compatibility mode
-------------------------------------------------------------------
Sun Jun 19 19:36:16 UTC 2016 - avvissu@yandex.by
- Initial release
